ARTICLE
13 November 2025

The Cinderella Effect: Transforming Quality Control In Financial Crime Compliance With AI

AC
Ankura Consulting Group LLC

Contributor

Ankura Consulting Group LLC logo
Ankura Consulting Group, LLC is an independent global expert services and advisory firm that delivers end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy, and transformation. Ankura consists of more than 1,800 professionals and has served 3,000+ clients across 55 countries. Collaborative lateral thinking, hard-earned experience, and multidisciplinary capabilities drive results and Ankura is unrivalled in its ability to assist clients to Protect, Create, and Recover Value. For more information, please visit, ankura.com.
Explore Firm Details
Let us say what compliance officers whisper in hallways but rarely commit to writing: Quality control (QC) in financial crime has been the organizationally...
United States Technology
Petra Hrachova
Ankura Consulting Group LLC are most popular:
  • within Compliance and Insurance topic(s)

The Uncomfortable Truth About Quality Control

Let us say what compliance officers whisper in hallways but rarely commit to writing: Quality control (QC) in financial crime has been the organizationally orphaned stepchild for decades — not the kind that gets sympathy, but akin to Cinderella, relegated to the back office — expected to do the dirty work with only last year's budget scraps and a mandate to "just make sure we look good when the regulators show up" — but never invited to the ball.

The ritual is familiar. An issue surfaces. Someone declares, "We need better QC." A sampling program gets hastily assembled. Excel sheets multiply. A junior analyst reviews 2% of cases, finds what everyone already knew was broken, writes a report that lands in someone's "read eventually" folder, and the cycle continues. QC becomes the organizational equivalent of putting fresh paint on a crumbling foundation — it covers the obvious issues just long enough to survive the next examination.

QC vs. QA: Why the Distinction Actually Matters

QC involves ground-level work, systematically comparing outputs to standards. In financial crime compliance, it checks alert dispositions, investigations, and Suspicious Activity Report (SAR) filings to ensure adherence to procedures, acting as the inspector to catch defects before they go out.

Quality assurance (QA) operates at the architectural level. QA asks whether your entire system is designed to produce quality outcomes. It examines policies, procedures, system configurations, model governance, training programs — the infrastructure that enables, or prevents, quality work.

If QC catches individual mistakes, QA prevents systemic failures.

Most institutions have stumbled through doing QC badly and QA barely at all. The result? Compliance programs that generate massive volumes of work without proportional risk reduction, staffed by analysts who know the outputs are questionable but lack the architecture to improve them.

From Structure to Intelligence: The QSeePro Foundation

A few years ago, Ankura introduced QSeePro — a solution that brought genuine rigor to financial crime QC. It delivers statistical sample selection instead of arbitrary thresholds; automated reporting instead of manual spreadsheets; and standardized workflows that replace the chaos of ad-hoc reviews. For institutions drowning in inconsistent, undocumented QC processes, QSeePro provided the structure and efficiency they desperately needed. It was purpose-built for the problem, and it worked.

QSeePro represented the pinnacle of what systematic, technology-enabled QC could achieve within its paradigm. But here is the thing about paradigms: Sometimes they do not incrementally improve — they shift entirely. With the emergence of agentic artificial intelligence (AI), that is exactly what is happening. QSeePro built the foundation; agentic AI is building something entirely new on top of it.

Agentic AI: When QC Actually Understands What It Is Reviewing

Realizing that advances in AI have enabled a fundamentally different approach to QC — one that was not possible until now. Ankura has developed the AI Analyst specifically for financial crime workflows: transaction monitoring alerts, case dispositions, sanctions screening, PEP alerts, Know Your Customer (KYC) customer reviews — the core work that consumes thousands of analyst hours and generates inconsistent results. Ankura's AI Analyst does not assist human analysts; it performs the analysis itself, with accuracy and consistency that matches or exceeds human output.

The architecture matters here. We have deployed a layered, multi-agent approach in which specialized AI agents handle different aspects of investigation, challenge each other's conclusions, and synthesize findings the way an experienced investigative team would. One agent examines transaction patterns. Another evaluates customer profile consistency. A third assesses evidence quality and documentation.

And here is where it gets interesting for QC specifically: We can deploy these AI Analysts in reverse — to quality control human output. Ankura's AI Analyst can review the same alert or case that a human investigator closed, conducting its own independent investigation to generate a detailed comparison that in essence says:

  • This is what the human analyst concluded.
  • This is what I found.
  • Here is where we agree.
  • Here is where we diverge.
  • Here is why — with specific references to transaction patterns, policy requirements, regulatory guidance, and risk indicators.

The transparency of the process and the robust analysis it delivers is unlike anything QC has produced before. You do not simply receive a score or a pass/fail grade. You are provided with a step-by-step analytical comparison that reads like a peer review from your most thorough senior investigator.

Ankura's AI Analyst leverages open-source intelligence (OSINT) integration to pull in open-source intelligence that human analysts might have missed, cross-referencing public records, news sources, and sanctions databases in real-time. The embedded QC component runs continuously — not as a separate quarterly project, but as an integral part of the workflow. And critically, AI Analyst requires Human-in-the-Loop (HITL) oversight — every disposition goes through human validation. Ankura's AI Analyst does not replace oversight; it makes it exponentially more effective.

Think Your QC Is Ready for the AI Revolution? You May Need to Think Again

The path forward requires moving past two extremes: reckless deployment and analytical paralysis.

Start with substantive demonstrations: Effective demos are not product tours — they are collaborative discovery sessions whose goal is finding a solution that genuinely fits your use case. Do not waste time just watching a polished presentation. Insist that the demonstration is provided by subject-matter experts who understand financial crime workflows, and not by sales professionals who know the software interface. You need someone who can discuss transaction monitoring nuances, regulatory expectations, and investigative methodologies — someone who speaks your language. During the demo, focus on several key areas:

  • How does the solution handle ambiguity and edge cases?
  • What does the audit trail look like?
  • How transparent is the decision-making process?
  • Can you understand why the AI reached its conclusions?
  • What does error handling look like when data is messy or incomplete?
  • How customizable is it to your specific policies and risk appetite?

The answers to these questions matter far more than slick visualizations or impressive speed metrics.

Consider vendor viability carefully: New AI companies are sprouting up weekly, each promising revolutionary functionality. While innovation often comes from startups, financial crime compliance requires long-term partnerships — keep in mind, you are not just buying software, you are integrating critical operational infrastructure. Be sure to consider the vendor's staying power. A startup with brilliant technology but an uncertain runway presents real risk when you are building compliance infrastructure for the next decade. Working with an established firm offers institutional guarantees that matter: Aim for a partner that is here to stay, with financial stability, professional reputation, and client commitments that ensure ongoing support, development, and accountability.

Structure limited-scope POCs: The proof of concept (POC) should do exactly that — prove the vendor can deliver what they promise without requiring you to sign your life away. Pick a single, well-defined use case (QC review of sanctions alert dispositions, for example) with a constrained dataset. The goal is validation: Does the functionality actually exist and work as promised? Can it handle your data formats? Does the output meet your quality standards? Keep the scope tight, the timeline short (30-60 days), and the commitment minimal.

Move to pilot with expanded scope: Once the POC validates core functionality, structure a pilot that tests operational viability. Expand the sample size significantly and evaluate everything that matters for real deployment: application programming interface (API) integration with your existing systems, data handling at scale, user interface usability, documentation quality, vendor responsiveness, support quality, and performance under production-like conditions. This is where you discover whether the vendor can execute beyond the demo environment.

Apply existing risk management frameworks: You already have vendor due diligence processes, third-party risk assessment protocols, and model validation requirements. Use them. AI is not so novel that existing governance frameworks do not apply. Interrogate data handling, model explainability, bias testing, and ongoing monitoring the same way you would for any critical compliance system.

Monitor the evolving regulatory landscape: AI-specific regulations are emerging globally at a rapid pace. The regulatory expectations for AI in financial crime compliance will crystallize over the next 18-24 months. Getting started now means you will be positioned to adapt rather than scrambling to catch up.

The Political and Practical Reality

The current U.S. administration has signaled a regulatory philosophy that favors innovation and efficiency over precautionary prohibition. That does not mean recklessness gets a pass — it means well-governed, properly overseen AI implementation will face fewer bureaucratic obstacles.

But waiting for perfect regulatory clarity is a fool's game. Compliance has never operated with perfect clarity. What matters is sound risk management, appropriate governance, and demonstrated control. Your competition is not waiting. The institutions moving now are not being reckless; they are recognizing that operational efficiency, analytical consistency, and enhanced detection capabilities are not nice-to-haves anymore. They are competitive necessities.

The Real Risk Is Not Adoption — It Is Stagnation

The uncomfortable truth: the biggest risk most institutions face is not implementing AI badly. It is implementing AI too slowly or not implementing it at all.

Your current approach — the one that has been "good enough" for years — is generating massive opportunity costs. Every missed detection, every inconsistent disposition, every SAR narrative that barely meets the minimum standard, every hour spent on rework that QC catches three months late. Those are not neutral outcomes. They are failures you have normalized.

Agentic AI in QC is not about replacing human judgment. It is about amplifying human capacity and consistency to levels that were literally impossible before. It is about making QC what it should have been all along: not a check-the-box exercise to pacify regulators, but a genuine mechanism for ensuring quality, consistency, and continuous improvement.

Your Time to Shine

Stop treating AI as a future problem to study. Start treating it as a present opportunity to capture.

Demand real demonstrations from vendors — not PowerPoints about what they will build someday but working systems handling actual use cases today. Structure POCs that test claims against operational reality. Apply the risk management frameworks you already have instead of inventing new reasons to delay.

If you are still sitting on the sidelines, convincing yourself that "we will see how it plays out," understand what you are really saying: "We are comfortable letting our competitors get better at this while we perfect the art of hesitation."

The compliance function has spent decades as a cost center defending its budget and justifying its existence. Agentic AI offers something rare — a chance to become genuinely more effective while becoming more efficient. To detect more while investigating less. To improve quality while reducing cost.

If QC is Cinderella — overlooked, underappreciated, and relegated to the background — agentic AI is the glass slipper — perfectly fitting QC and transforming it for the role it was meant to play — visible, valued, and essential. The only question is whether you will keep QC hidden in the shadows or let it step into its rightful place as the belle of the compliance ball.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Petra Hrachova
Petra Hrachova
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More